Now that the SSN’s of my spouse and I are written on every rest stop toilet partition thanks to the guardians of our data, Equifax, we’ve decided to freeze our credit (we don’t foresee opening any new lines of credit for a long time). To freeze the credit for two individuals, you have to fill out six online forms (three credit agencies times two people). I went through the laborious process and got so far as to answer all the questions (which of these is a former phone number, how many sex partners have you had, etc) and even enter credit card info to pay for the freeze. Out of six attempts, only two actually worked (thank you Experian). We will have to write four letters to send, along with checks, to Equifax and Transunion.
We have had this exact same problem when trying to get our “free” credit reports. Most of the time, the process fails and you have to call or write a letter.
For both of these processes, you are trying to protect or review your credit. It should be easier. To open a new line of credit is much easier (not counting a home mortgage). They ask your SSN and basic data and maybe your employer and salary (do they ever check?). Boom…here is your new line of credit!
Why do they make it so much harder to protect your data? Maybe I’m doing something wrong. I’m also thinking this should be in the pit because I’ve wasted too much time dealing with this hassle.
Just to answer this part, if you’re opening a LOC under a certain amount (15k ish) at a bank/CU where you meet certain qualifications (ie you have a mortgage and Super Premier Gold Checking Account), often times a banker can extend that credit to you on the spot.
I know when I paid off my LOC and asked about opening a new one the banker I was working with said she could open an Express LOC right then and there in about 10 minutes with a 6% APR for 15k or I could go through the regular process (home appraisal, credit check, loads of paper work) and get a much larger one with smaller APR.
Yeah, that scenario makes sense where it is easy to get credit, particularly if you have a mortgage with them: They already have your info and history. However, to apply for a credit card online is incredibly easy and they ask less questions of you than when I struggled to freeze my credit. I still have to write four letters and send them along with checks and hope that they don’t come back with “can’t verify you”.
Credit is a big scam that has been legitimized. Credit agencies really aren’t interested in anything but making money, so they are not looking out for your best interests. I don’t know my credit score, but I know it is down in the subbasement. Credit cards so easily acquired are in collections, our jobs evaporated in 2009, so the house was foreclosed, and we have not had decent jobs in many years. But we had enough credit to buy a new car when it became necessary.
There is an advantage to having lousy credit. One place we lived had an utterly incompetent post office, and everyone’s mail was going to the wrong addresses every week. Someone got enough info to apply for a loan in our name. We found out when we got the rejection letter. Not much to steal here.
We do have some protection. We’ve used Norton for computer security for years, and now they include ID theft insurance (Face it. It is insurance, because it helps you after the fact more than it prevents it) with the account.
While I never tried it, when I had a monitoring service (truecredit, which is through transunion IIRC), there was a button on it to lock my credit reports. Like I said, I never used it, so I don’t know if there was a charge for it, but it was always there.
It looks like a better, and free, option may be a fraud alert. I’m trying to wrap my head around exactly how they work, but from what I can tell you only need to tell one bureau and they’ll tell the other two. From there, again from what I can tell, if anyone requests your credit report they’re either required to (maybe) do a more stringent job of proving that it’s actually for you and/or (again maybe?) directed to touch base with you first. But, like I said, I’m not totally sure how it works.
I agree that protecting your personal info ought to be easier than it is – and really ought not to be something the credit bureaus can charge a fee for, especially when their crappy security is the reason you’re having to deal with this in the first place. But I would argue that part of the problem here is just how easy it is for you (or someone posing as you) to get credit in your name.
The problem is that for some stupid reason we use our social security numbers as permanent, crappy passwords to unlock everything important – instead of using them as originally intended, which is just to identify you for social security. If you were choosing a password to protect, say, your personal email account, would you use one that you’d already given to a bunch of government agencies, and all your past employers, and your medical insurance provider, and your mom and dad, and about a jillion other people? Of course not – that would be stupid. It doesn’t make it any less stupid just because we’re calling it a “social security number” while treating it like a password. But unfortunately, this stupidity is forced on us.
Why should someone be able to apply for a credit card in my name, just because they know my SSN and a few other facts about me? Why shouldn’t they have to supply a password to prove they’re really me? Sure, there’d need to be someone who could verify they’d entered the correct password – and perhaps that’d end up being the same credit bureau that F’d up their security so bad in this case. But the key difference is, a password can be changed if I believe it’s been compromised. For that matter, it isn’t limited to 9 numbers. Hell, why isn’t there some sort of 2-factor authentication (e.g., text message confirmation) when someone wants to open a line of credit in my name?
How is it that I have an actual password preventing someone from impersonating me on the SDMB, but not preventing someone from impersonating me to sign up for a credit card? Do I care more about who can comment under some name I made up, than who can rack up debt under my actual name?
Hell, even just “Credit bureau sends you a text message or email whenever someone tries to do a credit check, and doesn’t complete the check until you reply with confirmation” would be a million times better than the current system. I shouldn’t have to freeze and unfreeze my credit to be protected from people impersonating me. The credit bureau should be required to make some sort of effort at authentication beyond “Well, they knew a few things about him…”
I don’t see how anyone can protect their identities anymore. Between this, the Chase breach, the Target breach, and the IRS it seems like all of the horses are out of the barn and will be running free, forever.
The only remedy I see is to give every one new SS numbers and make Equifax pay for it. I won’t be standing on one foot waiting for that.
Excellent post! We are stuck with the most insecure password that is the key to the most important aspects of our lives and we can’t change the password or ask for a second form of authentication that we control.
The credit companies are not there to protect us and they don’t care that it is hard for us to deal with them. As long as the companies using their service keep paying.
It seems to me this is something government should deal with. There should be some consumer protection here that is sorely lacking.
BTW, I sent the four certified letters with checks (two to Equifax and two to Transunion). Yesterday, I check my credit card statement and the two $10 charges to Equifax that they said failed are there! :mad: So, now I have to wait and see if they cash the two checks as well and dispute it. More work for me. I did keep the screenshots that explicitly say I need to physically mail in a letter. WTF? I even tried to be proactive and email Equifax to warn them of the not needed checks but do you think I can find a way to send an email? HA! :mad::mad:
I once opened an LOC at my local bank. It was a Friday and I needed the money only till Monday when I could cover it (long time ago and I don’t recall the circumstances). I got the money immediately from a friendly bank official I had known for a long time. When I went in on Monday morning to cover it and asked how much interest there was, she explained that an LOC approval had to go through the head office and couldn’t be acted on till Monday, so she had arranged on her own authority, an immediate no-interest loan of the amount we needed. That’s service!
And Equifax is now waiving the credit freeze fee for 30 days. Any wagers on how quickly I’ll get the $20 reimbursed on my credit card? Do you think they’ll rip up the $20 in checks I mailed at their request? Stay tuned folks for the next episode of “The Equifax Colossal Fuckup”.
It’s not really the credit bureau that’s the problem, unless there’s some legislation I don’t know about that requires lenders to utilize the bureaus. The problem is the thousands upon thousands of lenders who are competing with each other for your business. It’s in their financial interest not to install too many hurdles to getting customers.
No! SSNs aren’t supposed to be passwords!
Ahhh! SSNs aren’t passwords!
And herein lies the problem. SSNs are identifiers, just like a name only designed to be unique, and they should be public because how else do you know how to identify someone if their name is private.
One of the basics of computer security, which is really just any security, is the pillars of identification, authentication, and authorization. SSN is a fine identifier, the problem is that there’s nothing in the system for the other two pillars. Lenders started using SSN as all 3, an identifier, authenticator, and authorizor – that is, if you know an SSN you must be that person and you must be allowed to open credit in that person’s name. That’s bonkers!
What’s needed is legislation that defines minimum requirements lenders need to meet in terms of authentication and authorization before opening up a line of credit. It will make getting credit harder for everyone, but the current system is nuts.
Excellent post and I agree! At this point, you have to assume that anyone in the world can open credit in your name without too many hurdles. The only protection at this point is the very cumbersome credit freeze process or to pay for one of the active monitoring tools.
And the credit freeze process is dumb too, because it requires the consumer to make an arrangement with every credit reporting bureau that lenders might use. If millions of people have credit freezes with all 3 current bureaus, then a great way to make a shitload of money would be to open up a 4th bureau, then everyone would have to shell out $30 to put a new freeze in place.
And as I said above, I still don’t know if there’s any guarantee there, because I don’t think lenders are required to check for credit freezes.
I have now shelled out $80 to hopefully freeze the credit for myself and my wife. Of course, I better get $20 back from Equifax for charging my credit cards when they say they didn’t and then an additional $20 back because they are now offering free freezing for 30-days.
This is cumbersome and expensive. Decisions about credit in my name is out of my hands and it isn’t right.
Can anyone confirm whether or not it is necessary to activate the credit freeze at all three bureaus? I have heard conflicting information about whether doing it at one would notify the others by default.
I believe you have to do all three since they all charge money for this “service”. When you attempt to use their web interface, there is no mention that your $10 will cover the cost to do freeze it at the other agencies. I give it a 99.99% chance that you have to do all three. There is nothing easy with this crappy companies.
Helpful hint: If your credit agencies are frozen and you decide to buy a car or whatever, find out which credit agency they use for their check on you, and just unfreeze that one. You can specify how long you want the account unfrozen before it’s refrozen.
I didn’t say a new SS for password purposes. I said new SS numbers, the cost financed by equifax. Then the current SS numbers in the hands of the hackers will do no good. Then the credit bureaus find another way. No more SS numbers given to them in the future.